CISSP Security Controls Cheatsheet

The CISSP Security Controls Cheatsheet categorizes security controls into physical, technical, and administrative types based on their nature. It also outlines control types by function, including preventive, detective, corrective, deterrent, recovery, and compensating controls. An example control mapping is provided to illustrate how specific controls fit into these categories and types.

Uploaded by mikiolon

1. Security Control Categories (by Nature)

These define how the control is implemented:

- Physical: Tangible controls like fences, locks, guards, CCTV.

- Technical (Logical): Technology-based controls like firewalls, antivirus, encryption.

- Administrative: Policy and human-process-based controls like training, background checks, and procedures.

2. Security Control Types (by Function)

These define what the control is intended to do:

- Preventive: Stops incidents before they occur (e.g., firewalls, locks).

- Detective: Identifies incidents during or after they occur (e.g., IDS, audit logs).

- Corrective: Fixes the problem or limits the damage after an incident is detected (e.g., patching the exploited flaw, restoring from backup).

- Deterrent: Discourages attacks (e.g., warning signs, visible CCTV).

- Recovery: Helps restore operations (e.g., disaster recovery systems).

- Compensating: An alternative that provides equivalent protection when the primary control cannot be implemented (e.g., manual log reviews where automated monitoring is not available).

3. Example Control Mapping

| Control             | Category (by nature) | Types (by function)   |
|---------------------|----------------------|-----------------------|
| Surveillance Camera | Physical             | Detective, Deterrent  |
| Firewall            | Technical            | Preventive            |
| Security Training   | Administrative       | Preventive, Deterrent |
| Backups             | Technical            | Corrective, Recovery  |
| Policies            | Administrative       | Preventive            |
| Biometric Access    | Technical/Physical   | Preventive            |
| Audit Logs          | Technical            | Detective             |
| Guard Dog           | Physical             | Deterrent, Detective  |
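The mapping above is only useful once you ask what it does not cover. The following added example (not part of the cheatsheet) parses the table exactly as written, rejects any category or type label outside the six functions and three categories defined above, and then runs a simple coverage check: which functions have no control at all, which are backed by a single control, and which category/function cells are empty. The enum names, the `Control` record and the "single control equals single point of failure" framing are this example's own assumptions, not CISSP terminology.

```python
"""Parse the cheatsheet's control-mapping table and check coverage by function and category.

Added example; the table text below is the cheatsheet's own mapping, embedded as sample input.
"""
from dataclasses import dataclass
from enum import Enum


class Category(Enum):
    """Control categories by nature, as defined in section 1."""
    PHYSICAL = "Physical"
    TECHNICAL = "Technical"
    ADMINISTRATIVE = "Administrative"


class Function(Enum):
    """Control types by function, as defined in section 2."""
    PREVENTIVE = "Preventive"
    DETECTIVE = "Detective"
    CORRECTIVE = "Corrective"
    DETERRENT = "Deterrent"
    RECOVERY = "Recovery"
    COMPENSATING = "Compensating"


@dataclass(frozen=True)
class Control:
    name: str
    categories: frozenset  # more than one when a control spans categories ("Technical/Physical")
    functions: frozenset


# Sample input: the mapping table from section 3, copied as markdown.
TABLE = """\
| Control | Category | Types |
|-----------------------|------------------|-------------------------------|
| Surveillance Camera | Physical | Detective, Deterrent |
| Firewall | Technical | Preventive |
| Security Training | Administrative | Preventive, Deterrent |
| Backups | Technical | Corrective, Recovery |
| Policies | Administrative | Preventive |
| Biometric Access | Technical/Physical| Preventive |
| Audit Logs | Technical | Detective |
| Guard Dog | Physical | Deterrent, Detective |
"""


def parse_table(text):
    """Turn the markdown table into Control records.

    Unknown category or type labels raise ValueError from the Enum lookup, so a typo
    such as "Preventative" cannot silently become an unclassified control.
    """
    controls = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 3 or cells[0] == "Control" or cells[0].startswith("-"):
            continue  # skip the header row and the separator row
        name, cats, funcs = cells
        controls.append(Control(
            name,
            frozenset(Category(c.strip()) for c in cats.split("/")),
            frozenset(Function(f.strip()) for f in funcs.split(",")),
        ))
    return controls


def coverage(controls):
    """Map every function to the names of the controls that provide it (empty set = gap)."""
    cov = {f: set() for f in Function}
    for c in controls:
        for f in c.functions:
            cov[f].add(c.name)
    return cov


def uncovered_functions(controls):
    """Functions no control in the set provides."""
    return sorted(f.value for f, names in coverage(controls).items() if not names)


def single_control_functions(controls):
    """Functions backed by exactly one control: a single point of failure in the control set."""
    return sorted(f.value for f, names in coverage(controls).items() if len(names) == 1)


def uncovered_cells(controls):
    """(category, function) pairs with no control: the defence-in-depth view of the same data."""
    have = {(cat, f) for c in controls for cat in c.categories for f in c.functions}
    return sorted((cat.value, f.value) for cat in Category for f in Function if (cat, f) not in have)


CONTROLS = parse_table(TABLE)

if __name__ == "__main__":
    print("no control at all:   ", uncovered_functions(CONTROLS))
    print("one control only:    ", single_control_functions(CONTROLS))
    for cat, func in uncovered_cells(CONTROLS):
        print(f"empty cell:           {cat:<15} {func}")
```

Run against the cheatsheet's own table, the check reports that nothing is mapped as Compensating, that Corrective and Recovery each rest on a single control (Backups), and that there is no Administrative control with a Detective, Corrective or Recovery function. An empty cell is a prompt, not automatically a finding: a Physical/Recovery control may not apply to a given system, and that judgement still belongs to the assessor.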
